Kaspersky CyberTrace uses the Elasticsearch database to store the indicators of compromise (IOC) from the threat intelligence feeds. This database is contained in the Kaspersky CyberTrace distribution package.
On the Kaspersky CyberTrace web user interface you can select the Indicators tab. This section allows you to do the following:
When a new indicator is successfully added to the database, it can be used in the matching process. Such indicators are written to the database by using the InternalTI value of the supplier_name attribute.
FalsePositive and InternalTI suppliers
The FalsePositive and InternalTI suppliers are built-in Kaspersky CyberTrace suppliers that you can add indicators to:
Indicators from the InternalTI supplier produce detections even if the indicator is also on the false positives list.